National Security Law: Know Your Customers (KYC) implications for NGOs
Recently, the Hong Kong Council of Social Services (HKCSS) arranged a webinar with 2 legal experts highlighting the implications of the HK National Security Law (NSL) on the NGO sector. What was evident from that session was that there is an increased expectation on the NGO sector not only to assess whether the nature of their programmatic operations contravenes any of the provisions of the NSL, but also an additional responsibility to review the background of donors and sources of funding NGOs are receiving to ensure the NSL provisions are not breached. Background checking on sources of funding is a common practice known as Know Your Customer or KYC checks in the financial sector - to comply with Anti Money Laundering (AML) Regulations. Many of us would have come across these checks during the process of opening bank accounts where financial institutions require submission of significant amount of information to perform background checks prior to opening of the bank account. These financial institutions also perform continuous monitoring of any suspicious transactions to ensure that monies being transacted are not illegal money laundering proceeds.
Whilst the NSL doesn’t as yet impose a similarly strict KYC process requirement on NGOs to monitor that their donations are in compliance with the NSL, it is nonetheless expected good practice that NGOs adopt a baseline record keeping of their donors and the donations/transaction information they receive as part of their own risk management process. Many NGOs do not do this well and have fragmented donor data across multiple operation platforms (e.g. email systems, finance systems, Excel files, payment gateways) which hinders their insight into their donors/sources of funding background information. This hinders NGOs in performing a baseline KYC process on their donors. A practical way for NGOs to perform a baseline KYC on their donors/sources of funding would be to adopt a donor CRM database whereby all records of donors’ information and transactions are kept in one system providing a consolidated 360 degree view. This will give a view across all donors transactions with the NGO - be it financial or non-financial touchpoints. The CRM platform provides an auditable information trail, historical and researched background information on the donor/source of funding that the NGO has received. These information trail provides evidence on the donor and that the NGO is performing some KYC checks within their obligations under the new NSL regulations. Secondly, many NGOs rely solely on international payment gateways such as Stripe etc. to facilitate their donation payments. As the NSL is specific to Hong Kong, and the Hong Kong Monetary Authority (HKMA) has issued an advice to banks to report any breaches of the NSL as they would any violation of money-laundering or terrorist financing regulations (See South China Morning Post, Financial Times), it would be wise for NGOs to piggy back on the AML screening performed by local Hong Kong financial institutions as an additional part of the KYC screening required under the NSL regulations. There may be a risk that international payment gateways without local HK presence may not be able to comply with the NSL requirements, thus leading to an increased exposure to NSL risks by NGOs relying solely on these payment gateways/facilitators.
CSG has partnered with a local HK payment gateway provider who is fully compliant with Hong Kong’s AML regulations, the HKMA advice and this payment gateway is natively integrated into eTapestry donor CRM database platform. Both of these solutions help NGOs put in place a more robust set of processes and systems to manage their risks under the NSL regulations and perform their KYC on their donors/sources of funding. CSG’s partner integrated gateway with eTapestry is already compliant with AML regulations in the following locations: Hong Kong, China, Macau, Taiwan, Singapore, Malaysia, Philippines, India. For all other Asia locations, integration can be done with a relevant compliant local gateway. To find out more about eTapestry and its integration with your local integrated payment gateway and KYC processes, please email: firstname.lastname@example.org or call +852 2505 6684.